Appendix
Terms
vRA CM Framework
Configuration Management Framework
Allows Configuration management tools such as Ansible to be “first-class” citizens on the vRA blueprint canvas so they can be dragged and dropped on the canvas.
CMP
Cloud Management Platform
sudo
If using sudo with non-root user during the configuration of the inventory setup, sudoers file in Ansible Tower has the following: Allow root to run any commands anywhere
##Allow root to run any commands anywhere
root ALL=(ALL) ALL
[username] ALL=(ALL) NOPASSWD:ALL
Ansible Tower Endpoint for CM Framework
Ansible Tower Endpoint for CM Framework
Field | Value |
---|---|
Type |
Select Ansible Tower |
Field | Value |
---|---|
Name |
Copy this value to use later Enter desired endpoint name |
Description |
Optional |
Field | Value |
---|---|
Ansible Tower Endpoint | |
Configuration label |
No spaces, periods or special characters except underscore ( Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_ |
Hostname |
Ansible Tower URL |
Username |
Username used to login to Ansible Tower |
Password |
Corresponding password. Hostname, Username, and Password are validated against the Ansible Tower API (web) once all three are entered. |
If set to true, the Ansible Tower Server instance certificate is accepted silently and the certificate is added to the trusted store |
If Ansible Tower is on an internal network, a self-signed is permissible -- Select Yes. If Ansible Tower is on an external network, a Certificate Authority issued certificate should be used. Select No. If there are warnings, the user will have to open vRO Orchestrator, navigate to Library > Configuration >SSL Trust Manager > Import a certificate from URL and respond to the User action. |
Ansible Tower Host Access | |
Configure Custom Dynamic Inventory? |
Choosing Yes causes the “Dynamic Inventory Configuration” sub-tab to appear. The fields below only appear when Yes is chosen. Type if sudo user exists on Ansible Tower machine or leave blank and use root. |
Command for privilege escalation (e.g. sudo) |
*NOTE: sudoer file must have user be NOPASSWD, refer to Appendix A |
Host Username |
sudo user or root |
Host Password |
Corresponding password. Hostname, Username, and Password are validated against the Ansible Tower server machine once all three are entered. |
Dynamic Inventory Configuration | |
vRO Host |
vRO URL. This is auto-filled and can be overridden. |
vRO Port |
vRO Port. This is auto-filled and can be overridden. |
vRO Username |
vRO Username. This is auto-filled and can be overridden. |
vRO Password |
vRO Password. The vRO Host, vRO Port, vRO Username, and vRO Password are validated against the given vRO once all three are entered. |
Organization and Inventory Setup | |
*This section has rules built-in depending on if Ansible Organizations, Inventories, Inventory Sources, Groups, etc are created. *Recommend starting with creating an Organization, which requires creation of everything under it – Inventories, Group, etc. *If Configure Custom Inventory? Is No, only the Organization and Inventory fields appear and are dropdowns (no create functionality). Also, no custom inventory configuration will be created (no cache or YAML config file on the Ansible Tower server). | |
Name |
Unique name for each of the Organization, Inventory, Group, etc. |
Description |
Optional |
Inventory Script Options |
Initially, select “Create New with Latest…” and enter a name and optional description |
Filters and Groups | |
Property Filters |
Enter an optional key/value pair that exists in the vmProperties. The Job Template will be run only on a VM that has this key/value |
Page Size |
The maximum number of VMs to process at a time. |
Group Separator |
Delimiter for dynamic groups defined or chosen in the next two fields. |
Add User-Defined Group |
Place VMs into groups indicated after successful Job Template (playbook) run. User-defined optional. |
Pre-defined Groups |
Place VMs into groups indicated after successful Job Template (playbook) run. User selects one or more. |
Prompt on Launch Overrides (Optional) | |
*All the below fields are optional. If none are specified, provisioning using this Endpoint will use values contained in the Ansible Tower Job Template. *In order for any of these values to have an affect, the Ansible Tower Job Template must have “PROMPT ON LAUNCH” turned on for each field. | |
Ignore Job Run Errors? |
If Yes, Ansible Job Template failure is ignored. If No, future hook to trigger VM deprovisioning. |
Get Machine Credential From list? |
If Yes, the Machine Credential field is filled with relevant credentials to choose from. If No, the Machine Credential field is a user-entered text field. |
Machine Credential |
Either a drop down or text field. Text allows known Ansible Tower credentials, or SovLabs Template language entry. |
Override Inventory in the Ansible Tower Job Template? |
Indicates whether to use the Job Template’s designated Inventory, or one to be specified here. When changing this field, certain of the below fields will become visible or hidden based on rules. Yes is the default setting. |
Use the Inventory from this Endpoint? |
Indicates that the Inventory chosen in the Provisioning Setup sub-tab is to override the Job Template’s Inventory. Yes is the default setting. |
Endpoint Inventory (read-only) |
A convenience field showing what Inventory was chosen in the Provisioning Setup sub-tab. Changing this field has no effect. |
Use Templated Inventory? |
Indicates if a SovLabs Template Language entry for inventory overrides the Job Template’s Inventory. Defaults to the inventory picked in the Organization and Inventory Setup section. |
Templated Inventory |
Place VMs into groups indicated after successful Job Template (playbook) run. User selects one or more. |
Extra Vars |
Text allows known Ansible Tower Inventory, or an appropriate SovLabs Template Language entry for Inventory. Text allows input variables used by the Job Template’s playbook, or an appropriate SovLabs Template language entry for ExtraVars. |